Manuals / Brands / Household Appliance / Thermostat / Planet Technology / Household Appliance / Thermostat

Planet Technology VRT-311, VRT-311S (ping), Options, through, Block non, IP packets, Allow VPN pass, Respond to ICMP, Drop fragmented, Block TCP Flood, Block UDP Flood, standard packets

1 147

Download 147 pages, 2.66 Mb

Broadband VPN Router User’s Manual

Options

Respond to ICMP	The ICMP protocol is used by the "ping" and "trace route" programs,
(ping)	and by network monitoring and diagnostic programs.
	∙ If checked, VRT-311 / VRT-311S will respond to ICMP packets
		received from the Internet.
	∙ If not checked, ICMP packets from the Internet will be ignored.
		Disabling this option provides a slight increase in security.

Allow VPN pass-	If enabled, PCs on the LAN can use VPN software to connect to
through	remote clients via the Internet connection. The protocols supported
	are:
	∙	IPSec
		IPSec protocol is used to establish a secure connection, and is
		widely used by VPN (Virtual Private Networking) programs.
	∙	PPTP
		PPTP (Point to Point Tunneling Protocol) is widely used by VPN
		(Virtual Private Networking) programs.
	∙	L2TP
		L2TP is a protocol developed by Cisco for VPNs (Virtual Private
		Networks).

Drop fragmented	If enabled, fragmented IP packets are discarded, forcing re-
IP packets	transmission of these packets. In some situations, this could prevent
	successful communication.
	Normally, this setting should be disabled.

Block TCP Flood	A TCP flood is excessively large number of TCP connection requests.
	This is usually a DoS (Denial of Service) attack.
	This setting should normally be enabled.

Block UDP Flood	A UDP flood is excessively large number of UDP packets. This is
	usually a DoS (Denial of Service) attack.
	This setting should normally be enabled.

Block non-	Abnormal packets are often used by hackers and in DoS attacks, but
standard packets	may also be generated by mis-configured network devices. (PCs will
	normally not generate non-standard packets.)
	This setting should normally be enabled.

70

Contents

Page Page Page Page Introduction Internet Access Features Advanced Internet Functions LAN Features Configuration & Management Security Features IPSec VPN Gateway Features Microsoft VPN Gateway Support Front-mountedLEDs PPPoE Rear Panel Using the DMZ Port Installation 3. Connect WAN Cable 4. Power Up 5. Check the LEDs Setup Preparation Using your Web Browser HTTP://192.168.0.1 If you can't connect ping Figure 7: Password Dialog Admin Login Common Connection Types Other Modems (e.g. Broadband Wireless) Big Pond Cable (Australia) SingTel RAS Home Screen LAN Screen Figure 9: LAN Screen Data - LAN Screen TCP/IP Subnet Mask DHCP PC Configuration TCP/IP Settings - Overview Checking TCP/IP Settings - Windows 9x/ME: Figure 32: Gateway Tab (Win 95/98) Figure 3: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Obtain an IP address from a DHCP Server Specify an IP Address Figure 16: Windows NT4.0 - Add Gateway Figure17: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure21: TCP/IP Properties (Windows XP) Internet Access Macintosh Clients Note: Linux Clients Ensure you are logged in as "root" before attempting any changes Fixed IP Address Operation and Status Data - Status Screen Internet Connection Method Broadband Modem Internet Connection Connection Status - PPPoE Figure23: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address Connect Disconnect Clear Log Refresh Connection Log Messages Connection Status - PPTP Figure24: PPTP Status Screen Data - PPTP Screen PPTP Status Connection Status - Telstra Big Pond Figure25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Status Connection Details - SingTel RAS Figure26: Connection Details - SingTel RAS Data - SingTel RAS Screen RAS Plan DNS IP Address DHCP Client Release/Renew Button will display EITHER Connection Details - Fixed/Dynamic IP Address Figure27: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Page Internet Features WAN Port Configuration Internet Figure28: WAN Port Configuration Screen Data – WAN Port Configuration Screen Identification IP Address Dynamic IP Address is assigned auto matically Specified Login Login Method PPTP Big Pond Cable SingTel RAS Communication Applications Special Applications Multi-DMZ URL Filter URL Filter Screen Dynamic DNS Screen DDNS Data User Name Password/Key Domain Name DDNS Status IP Address seen by Internet Users Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual Servers Security Configuration Figure37: Password Dialog Access Control Screen Data - Access Control Screen Group Group "Members" Button Internet Access Page Group Members Screen Access Control Log Firewall Rules Screen Data Source Action Edit Move Define Firewall Rule Dest IP Log Logs Figure42: Logs Screen Data - Logs Screen Enable Logs Incoming Traffic All IP traffic All TCP/UDP/ICMP traffic Timezone Timezone Syslog Server Enable Syslog Syslog Server Include E-mail Figure43: E-MailScreen Data – E-MailScreen E-MailAlerts Send E-Mailalert E-mailaddress Subject SMTP Server Port No Security Options Figure44: Security Options Screen Data - Security Options Screen Firewall Enable DoS Options Respond to ICMP (ping) Allow VPN pass through Define Schedule Screen Services Figure46: Services Screen Data - Services Screen Available Services Available Services VPN (IPSec) IPSec IKE Policies VPN Configuration VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN VPN Policies Screen Adding a New Policy Figure52: VPN Wizard – General Screen General Settings Enable Policy Allow NetBIOS traffic Figure53: VPN Wizard - Traffic Selector Screen Local IP addresses Any Single address Range address Remote IP addresses Manual Key Exchange Figure54: VPN Wizard - Manual Key Exchange Screen Manually assigned Keys AH Authentication SPI ESP Encryption Encryption Algorithm Key - In / Key - Out ESP Authentication IKE Phase Figure55: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE SA) Local Identity WAN IP Address Authentication RSA Signature Pre-shared key Algorithm IKE Phase 2 Screen Figure56: VPN Wizard - IKE Phase 2 Screen IKE Phase 2 (IPsec SA) IPsec SA Life Time IPSec PFS Figure57: VPN Wizard - Final Screen Example 1: Connecting 2 VRT-311 / VRT-311Ss IPSec SA Parameters Example 2: Windows 2000/XP Client to LAN Windows Client Configuration Figure60: Windows 2000/XP - Local Security Settings Figure61: Windows 2000/XP - Policy Properties Figure62: IP Filter List Figure63: Filter Properties: Addressing Figure64: New Rule Properties: IP Filter List Figure65: New Rule Properties: Filter Action Figure66: Require Security Properties Figure67: Modify Security Method Figure68: Require Security Properties VPN Setting Windows Setting Figure69: Tunnel Setting Figure70: Authentication Method Figure71: Windows 2000/XP Client to VRT-311 / VRT-311S Figure72: Windows 2000/XP Client to VRT-311 / VRT-311S Figure73: Filter Properties: Addressing Figure74: Filter List Figure75: Filter Action Figure76: Security Methods Figure77: Modify Security Method Figure78: Tunnel Setting Figure79: Authentication Method Figure80: DUT to Win2K Properties Figure81: Properties - General Tab Figure82: Key Exchange Settings Figure83: Key Exchange Security Methods Figure84: IKE Security Algorithms Figure85: Windows 2000/XP Client to VRT-311 / VRT-311S Configuration is now complete Example 3: Windows 2000 Server to VPN Gateway Windows 2000 Server Configuration Figure87: Windows 2000 Server - Addressing Trusted Certificates Requesting a Trusted Certificate Self Certificates Requesting a Self Certificate Hash Algorithm Signature Algorithm Signature Key Length IP address E-mailAddress Figure93: Upload Self Certificate CRLs To add a New CRL Figure94: Certificate Revocation Lists Figure 95: Upload CRL Status Figure96: VPN Status Screen Data – VPN Status Screen VPN Status Data Rx Microsoft VPN Data – Microsoft VPN Screen PPTP Server Methods Client Database Client Data - Microsoft VPN Client Database Screen Existing Users User List Allow connection Login Name Figure99: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status Status Current Connec Windows 98/ME Figure102: Windows ME VPN Dialing Properties To establish a connection: Windows Figure105: Windows 2000 VPN Host Figure106: Windows 2000 Connection Availability Figure107: Windows 2000 Finish Wizard Changing the connection settings Windows XP Figure110: Windows XP Connection Name Figure111: Windows XP Public Network Figure112: Windows XP VPN Server Figure113: Windows XP Connection Availability Other Features & Settings Config File Network Diagnostics PC Database Config File Config File Figure114: Config File Screen Data - Config File Screen Backup Config Restore Config Network Diagnostics Network Diagnostics Figure115: Network Diagnostics Screen Data - Network Diagnostics Screen Ping Ping Button PC Database Screen Data - PC Database Screen Known PCs Generate Report Advanced Administration PC Database (Admin) Automatic discovery MAC is Add as New Entry Standard Screen Remote Administration Figure118: Remote Administration Screen Data - Remote Administration Screen Information Information Port Number Allow Remote Access Everyone IP address range Overview Routing Screen Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Static Routing Configuring Other Routers on your LAN Static Routing - Example For Router A's Default Route For Router B's Default Route Upgrade Firmware Figure121: Upgrade Firmware Screen Data – Upgrade Firmware Screen Upgrade Firmware VRT-311 /VRT 311S Password Upgrade File Start Upgrade UPnP Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Allow Configu ration Allow Internet Troubleshooting Solution 2: Specifications FCC Radiation Exposure Statement